216.73.217.86

Major August 2025 Cyber Attacks: 7-Stage Tycoon2FA Phishing, New ClickFix Campaign, and Salty2FA

· Published 26/08/2025 16:14 · Modified 26/08/2025 19:09

Export JSON

Essential information

Published
26/08/2025 16:14
Modified
26/08/2025 19:09
Tags
2025-08-26 clickfix phishing rhadamanthys stealer salty2fa tycoon2fa
Related entities
27 observables, 1 intrusion sets (apt), 6 techniques (mitre), 3 malware, 11 others

Description

In August 2025, significant cyber attacks emerged, including a 7-stage campaign targeting government, military, and financial institutions across the US, UK, Canada, and Europe. The attack uses multiple verification steps to evade security systems. A new campaign delivered the using PNG steganography, indicating increased sophistication in payload delivery. , a new -as-a-Service framework attributed to Storm-1575, was discovered targeting Microsoft 365 accounts globally, capable of bypassing various 2FA methods. These attacks demonstrate the evolution of kits and stealers, emphasizing the need for behavioral analysis and real-time threat intelligence in cybersecurity defenses.

External references